Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 20/08/2020 Updated: 24/08/2020

CVSS v2 Base Score: 8.3 | Impact Score: 10 | Exploitability Score: 6.5

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 739

Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C

This vulnerability allows network-adjacent malicious users to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers with firmware 1.0.4.84_10.0.58. Authentication is not required to exploit this vulnerability. The specific flaw exists within the acsd service, which listens on TCP port 5916 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-9853.

Vulnerable Product	Search on Vulmon	Subscribe to Product
netgear r6700_firmware

CWE-121 https://www.zerodayinitiative.com/advisories/ZDI-20-936/https://kb.netgear.com/000062127/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-R6700v3-PSV-2020-0202 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2020-15635

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect